open_social icon indicating copy to clipboard operation
open_social copied to clipboard

Published 20 hours ago verified publisher icon goalgorilla

Issue #3477793: Add 'Verified' role for Flexible group, update permissions, enhance group redirections

Open rochek03 opened this issue 4 months ago • 1 comments

Problem

Users currently experience inconsistent access to group information, allowing non-members to view the stream and members page. This issue necessitates the creation of a new role, "Verified User (outsider)" to ensure proper permissions.

Solution

  1. Create a Verified User (outsider) group role for the Flexible group
  2. Revoke view group stream page and view group_membership relationship permissions for AU, AN and VU user

Sub-PR:

  • https://github.com/goalgorilla/open_social/pull/4120

Issue tracker

  • https://www.drupal.org/project/social/issues/3477793
  • https://getopensocial.atlassian.net/browse/PROD-28608

How to test

  • [ ] Install module "social_group" and "social_group_flexible_group" and "social_group_default_route"
  • [ ] Create public "Flexible" group "Test flexible public group", in settings chose default landing page for non-members - "About", for members "Stream", otherwise the default link of group for non-members will be "Stream" and non-members will get Access denied
  • [ ] Create AU - "AU test"
  • [ ] Create VU - "VU test"
  • [ ] Create VU - "VU member"
  • [ ] Add "VU member" as member to "Test flexible public group"
  • [ ] As a user "AU test" - go to page group/1/stream - you should be redirected to "About" page
  • [ ] As a user "AU test" - go to page group/1/members - you should be redirected to "About" page
  • [ ] As a user "AU test" - go to page group/1 - you should be redirected to "About" page
  • [ ] For AN user the same behavior
  • [ ] As "VU member" - go to page group/1/stream - you should be accessible
  • [ ] As "VU member" - go to page group/1/members - you should be accessible
  • [ ] As "VU member" - go to page group/1 - you should be redirected to "Stream" page
  • [ ] Create a secret "Flexible" group "Test secret group" with "Group members only" visibility
  • [ ] As a user "AU test" or AN - go to page group/1/stream - you should get "Access Denied"
  • [ ] As a user "AU test" - go to page group/1/members - you should get "Access Denied"

Release notes

Updated Flexible group behavior - non-members couldn't see the "Stream" and "Members" pages. If they try to with this page they will be redirected to the "About" page.

rochek03 avatar Oct 22 '24 11:10 rochek03